[Workman-devel] cgroup: status-quo and userland efforts
Michal Hocko
mhocko at suse.cz
Tue Jul 23 14:48:16 UTC 2013
On Mon 15-07-13 14:49:40, Vivek Goyal wrote:
> On Sun, Jun 30, 2013 at 08:38:38PM +0200, Michal Hocko wrote:
> > On Fri 28-06-13 14:01:55, Vivek Goyal wrote:
> > > On Fri, Jun 28, 2013 at 05:05:13PM +0200, Michal Hocko wrote:
> > [...]
> > > > OK, so libcgroup's rules daemon will still work and place my tasks in
> > > > appropriate cgroups?
> > >
> > > Do you use that daemon in practice?
> >
> > I am not but my users do. And that is why I care.
>
> Michael,
>
> would you have more details of how those users are exactly using
> rules engine daemon.
The most common usage is uid and exec names.
> To me rulesengined processed 3 kinds of rules.
>
> - uid based
> - gid based
> - exec file path based
>
> uid/gid based rule exection can be taken care by pam_cgroup module too.
> So I think one should not need cgrulesengined for that.
I am not familiar with pam_cgroup much but it is a part of libcgroup
package, right?
> I am curious what kind of exec rules are useful. Any placement of
> services one can do using systemd. So only executables we are left
> to manage are which are not services.
Yes, those are usually backup processes which should not disrupt the
regular server workload.
uid ones are used to keep a leash on local users of the machine but i do
not have many details as I usually do not have access to those machines.
All I see are complains when something explodes ;)
--
Michal Hocko
SUSE Labs
More information about the Containers
mailing list